1. Field of the Invention
The present invention relates to a hierarchical access determination system and method, and more particularly to a system and method for determining access to a target object in which an actor attribute, an action attribute and a target attribute are used to determine which access control instructions are relevant to a particular access request.
2. Discussion of the Related Art
Conventional systems and methods are available for protecting resources or target objects from unauthorized access and manipulation. Many current systems have limited inheritance capabilities. For example, although a current directory server may enable an access control instruction (“ACI”) to designate a group of targets, it is not possible to implement complex ACIs in which access rights are determined based upon the hierarchical structure of the actor data store, the action data store, and the target data store. Furthermore, current directory servers do not allow an administrator to readily extend the types of actions controlled by the system. For example, conventional directory servers enable an administrator to establish ACIs relating to a set of pre-defined actions: reading, writing, adding, deleting, searching, comparing, and self-writing. However, the systems may not be configured to enforce administrator-created actions, such as a “buy_from_catalog” action.
Additionally, current directory servers are not configured to allow an administrator to establish an implication hierarchy, or a logical hierarchy relating to actions. Other limitations may exist with current access control systems.